Security Analysis of Electronic Health Records

A bit old news, which I picked up from the excellent Bruce Schneiers blog.

The Canadian government conducted a security audit of the electronic health record implementation in British Columbia. It shows just what you could expect: a severe lack of security of any kind.

The Vancouver Sun reported on this last month. The report is available as a pdf here.

The Swedish Media Council criticises Facebook

The Swedish Media Council published a report yesterday where they look at the social networking sites used by kids today (Facebook and Youtube among others).

The study is done from a Swedish perspective, which reflects the sites selected for the study, as well as the basis for what criteria should used for the study to some extent (they base part of the criteria on the Swedish law Law on responsibility for electronic billboards (1998:112), also known as the BBS-law).

They mainly look at how safe the site is from a user (kids) perspective. Safety here focuses on handling of user information, how user reports/issues are handled, conditions for membership and  how easy it is to get information on, and in contact with the people running the site.

Unfortunately, the report does not go into all the details on the data they should have gathered in their research. Still an interesting read, and it should provide a good guide for parents looking out for their kids online.

The report is available as a download here. In Swedish only as far as I can tell.

Google opens up search in China

Well, sort of.

Their Chinese search site, now redirects to in Hong Kong. Google states that this is a direct response to the hacking attack reported on in January. They also state that that was the final straw that led them to the decision to stop censoring their search services in China.

By redirecting searches to their Hong Kong site, they hope to bypass Chinese legal requirements of self censorship. It will be interesting to see how the Chinese government responds to this. Google has set up a status page which reports on the availability on their services for users in China. You can find it here.

EU DP a problem for Google maps

March 3 (Bloomberg) — Google Inc., the owner of the most popular search engine, may not map Europe again with photos for its Street View service if European Union data-protection regulators reduce the images’ storage time from 12 months to 6.
“I think we would consider whether we want to drive through Europe again, because it would make the expense so draining,” Michael Jones, Google’s chief technology advocate and founder of Google Earth, said in an interview at the Cebit Technology Fair in Hanover.
Google has negotiated with EU authorities, agreeing to one- year storage from the day the images are published on Street View, according to Jones. Shorter periods won’t be possible as Google can’t reprocess its data quicker because of software restraints, he said.

Priorities when it comes to data privacy

I was reading again the article published in the BCS ITNOW issue for summer 2009 and thought it prudent to reiterate some grounding principles that drives their Personal Data Guardianship Code.

Government autorities should be asking “If we link these databases will it help the public or just make our administration easier?”

“Will our adminstration actually be better or cheaper if the data in these linked databases is inaccurate or the linkages are incorrect?”

And finally each person to question “I only want to buy a ticket so why do they want to know my ethnic origin, gender, marital status?”